(54) Title: SAFETY MODULE
(57) Abstract

The present invention relates to an IC card, a transaction station as well as uses thereof. According to the invention, a cryptographic IC card, which is essentially stationarily arranged in a card reader in connection with a transaction station, such as an ATM or the like, is utilised for cryptographic processing of data which is to be transmitted between the transaction station and a central computer. The IC card replaces conventional safety modules and is thus arranged essentially stationarily in the card reader and is consequently used in connection with the serving of several different users of the transaction station.
SAFETY MODULE

Technical Field

The present invention relates to cryptographic processing of the communication between a transaction station and a central computer in connection with financial transactions.

Background of the Invention and Prior Art 

Presently, there are various examples of systems where different users or visitors utilise a transaction station, which is in communication with a central computer, for carrying out various types of financial transactions through the central computer.

So-called ATMs (Automatic Teller Machines) are probably the most common example of such transaction stations. With the aid of an ATM, a customer in a bank or a like user can withdraw money from his own bank account or carry out similar financial transactions. Usually, the user identifies himself with the aid of a magnetic card or the like, which is read by a card reader in the ATM and thus provides the ATM with information about the user's account number, bank, or the like. Subsequently, the user confirms that he is an authorised user of the card, i.e. the account, by entering a so-called PIN code (PIN - Personal Identification Number), which usually consists of a combination of four numbers and which is known only by the cardholder (user). The PIN code is usually entered with the aid of a keypad located on the ATM. Subsequently, the user indicates the transaction he wishes to carry out, usually a desired withdrawal amount. Next, the ATM transmits this information (account number, PIN code, withdrawal amount) to a central computer which contains information about the accounts of various cardholders. The communication between the ATM and the central computer often takes place by the intermediary of a telephone connection. The central computer verifies that the PIN code entered is the correct one for the account number provided and, if so, transmits an enabling signal to the ATM, which enabling signal indicates that the transaction has been approved. Upon receipt of the approval, the ATM dispenses notes corresponding to the desired withdrawal amount from a note dispenser to the user. If the central computer determines that the PIN code entered is incorrect for the account number provided, it transmits an error signal to the ATM, in which case the latter either allows the user to make another attempt to enter the correct PIN code, returns the card to the user without dispensing any cash, or withholds the card. In some cases, the verification of the PIN code and the like can also take place in the transaction station itself, so-called off-line verification.

In connection with the transmission of transaction messages of the above kind between the transaction station and the central computer, it is necessary or desirable for at least certain types of information to be transmitted in encrypted form and for the messages to be provided with authentication in the form of MAC sums (Message Authentication Codes) or the like. This ensures both that the information cannot be accessed or listened in on by unauthorised individuals and that messages received have not been distorted or altered during the transmission.

In order to provide the above-mentioned and similar cryptographic functions, such as encrypting, decrypting, authentication, etc., transaction stations are equipped with a so-called safety module, in which cryptographic keys and algorithms for the communication between the transaction station and the central computer are provided and executed. The safety module is essentially fixedly or stationarily connected to the transaction station. In the case of ATMs, the safety module is generally fixedly connected inside a safety cabinet in the machine.

Since one wishes to ensure that unauthorised individuals do not gain access to the information in the safety module, i.e. primarily the cryptographic keys, the safety module is protected by embedding the electronic circuitry inside a physically protective shell and by providing the module with a destruct function which, by utilising various sensor members, e.g. an enclosing metal layer, is intended to destroy the cryptographic keys and other essential software in the event that someone tries to break open the safety module.

Moreover, the safety module is usually equipped with a battery which ensures that the cryptographic keys are retained in the memory even if the power supply to the safety module is temporarily cut off or is lacking, for example in connection with a power cut or when an ATM is temporarily shut off for maintenance, repairs, updating or the like. The battery is also active from the time when the safety module is provided with the cryptographic keys until the safety module has been arranged inside or adjacent to the transaction station and the latter has been connected to mains current. In some cases, the battery may also be necessary for maintaining the above-mentioned destruct function in a situation where the safety module has been disconnected.

A problem associated with these types of safety modules is that the need to protect the contents from unauthorised access, and therefore the necessity of safety arrangements and destruct functions, results in additional difficulties and costs in connection with the manufacture and design of the safety module.

Another problem is that the battery which is usually required exhibits a limited guaranteed functional life, e.g. 5 years, whether it be rechargeable or not. This means that the safety module, or the battery therein, must be replaced at regular intervals, which is not an entirely uncomplicated process in the case of many types of safety modules. Consequently, this puts demands on the manufacturer's service organisation. It also means that there are limited possibilities for stocking safety modules. In addition, used batteries must be disposed of, something which must be carried out according to proper environmental procedures.

A further problem is that a malfunction of the safety module cannot be easily dealt with. Often, service staff must go to the malfunctioning transaction station to replace or repair the malfunctioning part of the safety module. Naturally, this results in undesired costs and time periods when the transaction station is not usable.

It is thus an object of the present invention to provide a simpler solution which reduces the risk of unauthorised individuals reading the contents of the safety module, primarily the cryptographic keys.

Another object of the invention is to provide a solution which avoids the problems connected with the limited life of the battery.

Yet another object is to provide a solution which enables easier and quicker repair, maintenance and updating of the safety module.

Summary of the Invention 

According to a first aspect of the present invention, the above-mentioned as well as other objects are achieved by an IC card designed to be essentially stationarily arranged in a card reader inside, or adjacent to, a transaction station for cryptographic processing of data which is to be transmitted from the transaction station to a central computer and/or data which is received by the transaction station from a central computer, said IC card being utilised in connection with the serving of several different users of said transaction station, which IC card comprises: means for storing one or more cryptographic keys; means for receiving input signals to the card; means for executing one or more cryptographic algorithms utilising one or more of said cryptographic keys depending on the control information received in said input signals to the card; and means for outputting output signals, comprising the result of said execution, from the card.

The invention is thus based upon the idea of replacing the conventional safety module with an IC card reader provided with an IC card according to the invention, which supplies the keys and algorithms required for cryptographic processing of the communication between the transaction station and the central computer.

According to preferred embodiments, the IC card is utilised for e.g. encryption, decryption and authentication of messages. Accordingly, the IC card advantageously stores master keys as well as session keys and authentication keys. The preferred algorithm for cryptographic processing is the so-called DES algorithm (DES - Data Encryption Standard).

An inherent advantageous characteristic of IC cards is that their physical structure is such that cryptographic keys stored therein normally cannot be read from the card, considering what is practicable using existing technology. Consequently, the utilisation of an IC card according to the invention, as a replacement for the conventional safety module, results in inherent protection against the risk of an unauthorised individual gaining access to the secret keys. Even if the IC card itself were to fall into the wrong hands, this individual will still not gain access to the keys. Consequently, the IC cards themselves can be handled without any special safety arrangements. If an IC card were to malfunction in a transaction station, a new card could easily be sent by mail to the persons responsible for the ongoing operation of the transaction station. Moreover, service staff responsible for maintenance of transaction stations would not need to take pains to employ special safety arrangements for safekeeping the IC cards; in principle the cards could be handled in the same manner as other components of the device. However, it should be noted that according to a possible embodiment, the invention is not restricted to the non-readability of the keys from the card, although, in practice, this is a very essential feature.

Since, according to a preferred embodiment, the memory used in the IC card consists of a non-volatile memory, usually of the EEPROM type, in which the information in the memory cells is changed with the aid of electrical signals but is physically preserved without any holding current being required, the need for providing a separate auxiliary current feed for the memory part of the IC card is eliminated, which is an advantageous difference in comparison with the known safety module. Nor is a current feed required for maintaining an active safety function in the card when it is not located in the card reader, in comparison with the conventional safety module, since there is an inherent safety function in the structure of the IC card, as discussed above.

IC cards according to the invention are not restricted to a specific card size. Accordingly, different embodiments of the invention comprise, for example, IC cards of the following size types: ID-1, ID-00 (mini-cards), and ID-000 (plug-in cards).

In this connection, it should be noted that the IC card according to the invention should not be equated with the various types of cards, such as magnetic cards or IC cards, which a user of a transaction station sometimes carries to gain access to and utilise the station, such as ATM cards, credit cards or the like normally issued for personal use. Those types of cards are utilised only very temporarily in the transaction station when the specific cardholder is being served. Instead, the IC card according to the invention is intended to be generally stationarily arranged in, or adjacent to, the transaction station. The IC card according to the invention is thus utilised essentially continuously in the transaction station in connection with the serving of several different users visiting the transaction station, usually one at a time.

WO 98/59327

PCT/SE98/01019

Furthermore, it will be appreciated that the term "generally stationarily" means that the IC card according to the invention is permanently arranged in the transaction station during on-going operation, but that, obviously, the card can be replaced when required, for example in connection with a malfunction, when replacing or updating keys, or at regular intervals as a pure upgrading measure.

According to a second aspect of the present invention, the invention relates to a transaction station, intended to communicate with a central computer and to serve a user in connection with the carrying out of desired financial transactions through the central computer, which transaction station comprises: a user interface for data inputting by a user; and means for cryptographic processing of data which is to be transmitted to and/or be received from the central computer; the transaction station according to the invention being characterised in that said means for cryptographic processing comprise a card reader intended to receive an IC card according to the above-mentioned first aspect of the present invention.

According to a particularly preferred embodiment, the transaction station according to the invention consists of an ATM ("Automatic Teller Machine"), for example of the types which in Sweden are provided in public places, in banks, etc., under the brand names "Bankomat" and "Minuten".

According to yet another preferred embodiment said card reader is adapted to receive said IC card in such a way that it is inaccessible to a user. This reduces the risk of a user deliberately or inadvertently removing the IC card according to the invention, something which is not of great importance from the point of view of safety, as discussed above, but which nevertheless would mean that the encrypting function of the transaction station would be put out of order. One way of achieving this is for the transaction station to be designed in such a way that the user only has access to a certain interface, while the card reader for the IC card according to the invention does not form part of this interface but is instead located elsewhere. For example, according to a further preferred embodiment, said card reader for the IC card according to the invention is arranged in a safety cabinet, for example inside the transaction station or adjacent to the transaction station.

A user interface as stated above advantageously comprises means for inputting a user identity, such as an additional card reader for reading an account number which is magnetically stored in the user's credit card; means for inputting a desired financial transaction, such as a keypad, and means for inputting an access code, such as a PIN code. In this context, it should be noted that said additional card reader for reading, for example, an account number stored in the user's credit card does not constitute the same card reader as the one employed for receiving the IC card according to the invention. According to another alternative, the user interface comprises a personal computer with an associated monitor, keyboard, mouse or like pointing device.

The transaction station according to the invention advantageously comprises means for providing control information, such as information concerning the desired type of cryptographic processing as well as information or data required for this processing, to said IC card according to the invention, as well as means for receiving said output signals from the IC card.

Although ATMs constitute a preferred embodiment of the invention, a transaction station according to the invention can, for example, be designed as a so-called payment terminal which, for example, is located adjacent to cash registers in supermarkets, shops, and the like, where the customer can pay for goods or services purchased by, for example, entering an account number, usually also by means of a magnetic card, and confirming that he is an authorised user by inputting the correct PIN code. According to one variant, one or more payment terminals are connected to a personal computer which in turn communicates with a central computer at a bank or the like.

A further example of transaction stations according to the invention comprises personal computer terminals which are configured to enable the user to request various financial transactions in a similar way through a central computer. Such personal computer terminals can, for example, be made available to the public in public places, in banks, in companies as a service offered to employees, or explicitly for the accounting functions of the company. The technique of providing this type of opportunity to carry out financial transactions at home with the aid of computers is also more or less a reality already.

Other types of financial transactions and functions can also be carried out by means of transaction stations according to the invention, such as transfers between different bank accounts, balance information, payment orders, securities transactions, etc. Depending on the application and the system in question, there are also many different possible ways of obtaining information from the user, e.g. by utilising magnetic cards, IC cards, keyboards or keypads, touch screens, etc.

In the case of payment terminals, personal computers and the like, the IC card reader according to an embodiment is connected to an external port thereto and consequently constitutes an external unit.

Further aspects, objects, advantages, and features with respect to the present invention will appear from the appended claims and the description below.
Brief Description of the Drawings

An embodiment of the present invention will now be described by way of example with reference to the accompanying drawings, in which:

Fig. 1 schematically shows a perspective view of a transaction station in the form of an ATM according to the present invention;

Fig. 2 is a schematic block diagram of the transaction station in Fig. 1;

Fig. 3 is a schematic block diagram of the integrated circuit on the IC card in Fig. 2;

Fig. 4 is a flowchart for the control computer in Fig. 2;

Fig. 5 shows the structure of an example of a message being transmitted from the transaction station to the central computer in Fig. 2; and

Fig. 6 is a flowchart for the integrated circuit in Fig. 3.

Detailed Description of a Preferred Embodiment

Fig. 1 is a perspective view of a transaction station 100 in the form of an ATM according to a preferred embodiment of the invention.

The transaction station 100 in Fig. 1 comprises a first card reader 110 (only the insertion slot is shown), a keypad 120, a monitor 130, and a printer 140 (only the output slot is shown). The transaction station further comprises a note box with a note dispenser 160. The note box, together with other electronic circuitry which is preferably kept at a higher level of safety, see Fig. 2 below, is contained in a safety cabinet 105 of the transaction station.

Fig. 2 is a schematic block diagram of the transaction station in Fig. 1. The parts and components in Fig. 1 which are also shown in Fig. 2 are referred to by the same reference numerals. Thus, Fig. 2 shows the transaction station 100 comprising the card reader 110, the keypad 120, the monitor 130, and the printer 140, all of which are arranged in an upper space in the transaction station 100. According to this embodiment, the card reader 110 is designed to receive and read a magnetic card 115 which the visitor or user, i.e. the cardholder, brings with him.

Moreover, the transaction station 100 comprises a note box 160, a safety module in the form of a second card reader 170 in which an IC card 300 exhibiting an integrated circuit 310 is arranged, a control computer 180 and a communication unit 190. Since extra high access protection is desired for these types of components, they are arranged in the safety cabinet 105 in the lower space of the transaction station 100.

The operation of the transaction station 100 is generally controlled by the control computer 180, which communicates with the first card reader 110, the keypad 120, the monitor 130, the printer 140, the note box/dispenser 160, and the second card reader 170 by the intermediary of a shared communication bus 150. With the aid of a modem 195, the transaction computer can be connected to a telephone network 197 and can thus communicate with a central computer 200 from a distance.

The integrated circuit 310 on the IC card 300, which in itself or together with the second card reader 170 can be said to form a safety module for the transaction station 100, provides the cryptographic algorithms and keys utilised in connection with the transmission of messages between the transaction station 100 and the central computer 200.

Examples of operational routines for the transaction 
computer in Figs 1 and 2 will be described below with 
reference to Figs 4, 5, and 6. 

Fig. 3 is a schematic block diagram of the integrated circuit 310 of the IC card 300. The circuit 310 is thus formed on the IC card with the aid of conventional technology and can communicate with the control computer 180 when the IC card 300 is inserted into the second card reader 300.

The basic structure of the IC card 300 and the integrated circuit 310, such as connections and arrangements for transferring data between the card reader 170 and the integrated circuit 310 and like functions, are well known in the technical field relating to IC cards and, consequently, a more detailed description thereof will not be provided in this application.

The integrated circuit 310 of the IC card 300 generally comprises a microprocessor 315 and a non-volatile, writable memory 320, 330, usually of the EEPROM type.

The EEPROM memory comprises, inter alia, a first set of memory fields 320 which store the cryptographic keys employed in connection with cryptographic processing of messages transmitted between the transaction station 100 and the central computer 200. Usually, there are three different types of cryptographic keys stored in the memory fields 320. First, so-called authentication keys which are used in connection with the authentication of messages, e.g. for calculating so-called message authentication codes ("MACs"), second, so-called session keys which are used in connection with encryption/decryption of PIN codes and other sensitive information transmitted between the transaction station and the central computer, and, third, one or more master keys which are used, inter alia, when new keys are transmitted, i.e. when old session or authentication keys are to be replaced by new keys by the intermediary of the telephone network 197. Obviously, the central computer 200 has access to such corresponding keys as are necessary for the central station to handle the cryptographically processed communication with the transaction station.

Furthermore, each memory field 320, i.e. each key, is associated with a corresponding field of a second set of memory fields 330. The memory fields 330 store information setting out the applications or functions for which the associated key may be utilised, since each specific key may usually only be used for a certain type of cryptographic processing or for cryptographic processing of only a certain type of information.

The processing in the integrated circuit 310 is carried out in the microprocessor 315. The microprocessor 315 is configured to carry out various types of cryptographic processing by executing various program routines 340-370, which are schematically illustrated separated by dashed lines in Fig. 3, by employing various selected keys from the memory field 320. The program routines in the microprocessor comprise a receiving/addressing routine which is configured to receive control information from the transaction station, preferably from the control computer 180. Such control information comprises, for example, information about the type of cryptographic processing requested, the cryptographic key to be used, data which is to be processed, etc.

In the preferred embodiment, essentially all types of cryptographic processing are carried out with the aid of a DES algorithm (DES - "Data Encryption Standard") in a program routine 360. The DES algorithm in block 360 is thus used in the preferred embodiment in connection with encryption as well as decryption and authentication. Depending on the type of cryptographic processing desired, one of several different preparatory program routines 351-353 is used, which prepares and configures the information required in the subsequent DES algorithm 360 in order for the latter to provide the type of cryptographic processing desired. For example, the program routine 351 is addressed when encryption is requested, the program routine 352 when decryption is desired, and the program routine 353 when authentication is desired. In this connection, the respective program routine 351-353 fetches the keys to be utilised and structures the data to be processed in a suitable way, after which the actual cryptographic algorithm is carried out in the routine 360.

Furthermore, one or more subsequent program routines 370 are included which assemble the processed information in a suitable manner and feed it back to the control computer 180 of the transaction station by the intermediary of the card reader.

The person skilled in the art will appreciate that the operation and structure of the integrated circuit 310 and the microprocessor 315 can be readily implemented in many different ways and that the invention is not restricted to the program routines and memory fields described above by way of example. For example, the different program routines can be more or less integrated with one another. The actual program routines can be stored in a memory, similar to the way the information in the memory fields 320 and 330 is stored and, in this case, can be read into the microprocessor when requested. However, it is an important characteristic of the integrated circuit 310 that the cryptographic keys are stored in such a way that, in view of what is reasonable and technically possible, they cannot be read from the card and thereby become accessible to unauthorised individuals.

The microprocessor 315 can, for example, also comprise program routines which are executed in connection with the replacement or updating of keys, initialising of cards, etc.

An example of the mode of operation of the transaction station when serving a user or visitor will now be described with reference to Fig. 4, which schematically illustrates a flowchart for the control computer 180 in Fig. 2.

The routine shown in Fig. 4 is initiated in step S10 by the user inserting his magnetic card 115 into the card reader 110. In step S12, the card reader 110 reads the cardholder's account number, which is magnetically stored on the magnetic strip of the magnetic card 115, and feeds it to the control computer 180 by the intermediary of the bus 150. In step S14, with the aid of the monitor 130, the control computer subsequently instructs the user to enter his PIN code with the aid of the keypad 120, after which the PIN code entered by the user is fed from the keypad 120 to the control computer 180 by the intermediary of the bus 150. In step S16, with the aid of the monitor 130, the control computer 180 subsequently instructs the user to enter the desired withdrawal amount with the aid of the keypad 120, after which the amount entered by the user is fed from the keypad 120 to the control computer 180 by the intermediary of the bus 150.

Subsequent to obtaining the above information, the control computer sends an instruction, in step S18, to the IC card 310 which is essentially stationarily arranged in the transaction station and which constitutes the safety module of the transaction station, instructing it to carry out the encryption of the PIN code utilising a specified encryption key. Accordingly, in this case, the instruction to the IC card comprises control information in the form of details as to the operation requested (encryption), data which is to be processed (the PIN code entered), as well as details as to the key to be used for the processing. If desired, the account number, for example, could also be included in the information to be encrypted.

In step S20, when the IC card has returned the encrypted PIN code, the control computer puts together the account number of the user, the encrypted PIN code, and the amount requested into a single connected message.

Subsequently, in step S22, the control computer sends this message to the IC card 310 instructing it to calculate an authentication code (MAC) for the message. In this case, the instruction to the IC card thus comprises control information in the form of details as to the operation requested (calculation of authentication code), data to be processed (the message consisting of the account number, the encrypted PIN code, and the amount), as well as details as to the key to be used.

Subsequently, the finished message is sent, e.g. by the intermediary of the telephone network 195, to the central computer 200 in step S24. An example of such a finished message is schematically shown in Fig. 5, in which the message comprises a first field 400 for the user's account number, a second field 410 for the encrypted PIN code, a third field 420 for the desired withdrawal amount 420, and a fourth field for the authentication code 430.

Next, in step S26, a reply is received from the central computer 200. In the case where the reply is expected to comprise an authentication code, the control computer instructs the IC card 300, step S28, to authenticate the reply message. Accordingly, in this case, the instruction to the IC card comprises control information in the form of details as to the operation requested (authentication), data to be processed (the reply message), as well as details as to the key to be used.

After step S28, if the result of the authentication
in the IC card is that the reply message is incorrect for
some reason, the control computer proceeds to a program
routine which is not shown in Fig. 4, which may, for
example, involve the transaction station 100 awaiting a
new reply message from the central computer 200 or the
transaction station 100 interrupting the current transaction
and returning the magnetic card 115 to the user.
If the reply message from the central computer is
correct, but states that the transaction requested is
not approved, for example because the PIN code entered
is incorrect or because the amount requested exceeds the
balance available in the user's account, subsequent to
step S28, the control computer 180 proceeds to a program
routine which is not shown in Fig. 4, which, for example,
may involve the transaction station 100 interrupting the
current transaction and returning the magnetic card 115
to the user, the transaction station instructing the user
to make a new attempt to enter the correct PIN code since
the previous one was incorrect, or the transaction station
withholding the user's magnetic card and interrupting
the transaction without returning the card to the
user.

However, if the reply message is authenticated as
being correct and if, in addition, it contains a transaction
approval, the transaction station 100, in step
S30, dispenses the amount requested from the note box/
dispenser 160 to the user, writes a transaction report to
the user in the form of a transaction slip with the aid
of the printer 140 in step S32, and returns the magnetic
card 115 from the magnetic card reader to the user in
step S34. Subsequently, in step S36, the transaction
station returns to an idle position while waiting for a
new magnetic card to be inserted into the card reader
110.

An example of the mode of operation of the IC card 
300, i.e. the integrated circuit 310, in relation to the
control computer 180 in the transaction station 100 will 
now be described with reference to Fig. 6, which shows a 
schematic flowchart for the microprocessor in Fig. 3. 

The routine shown in Fig. 6 is initiated in steps
B10 and B12 by the microprocessor 315, utilising the program
routine 340 in Fig. 3, receiving an instruction by
the intermediary of the bus 150 from the control computer
180 of the transaction station 100. The instruction may,
for example, be the instruction sent from the control
computer 180 to the IC card 300 in step S18 (request for
encryption), step S22 (request for calculation of authentication
code), or step S28 (request for authentication
of reply) in the flowchart described with reference to
Fig. 4 above.

Next, the microprocessor 315 establishes the type of
function requested, i.e. the desired type of cryptographic
processing, as well as the key to be used for this
function, in steps B14 and B16, respectively, by deriving
this information from the instruction received. Subsequently,
the microprocessor 315 verifies, in step B18,
that the information in the field 330 associated with the
memory field 320 for the key indicated states that the
key may be utilised for the function requested. If not,
the routine is interrupted and the IC card 300 informs
the control computer 180 that the task will not be carried
out.

Depending on the type of function to be carried out,
this and similar kinds of preparatory obtaining, verifying,
and formatting of information which is to be utilised
in the actual cryptographic algorithm can be carried
out in different ways, as indicated by the different
routines 315-353 in Fig. 3.

Subsequently, in step B20, the cryptographic processing
is executed, in the preferred case by using the
DES algorithm in routine 360 in Fig. 3, depending on the
desired cryptographic function and key as stated above.

Subsequently, in step B22 (program routine 370 in
Fig. 6), the result of the cryptographic processing in
step B20 is put together in the preferred way according to
the function requested, after which the result is sent
back to the control computer (PC) 180 in step B24.
Subsequently, in step B26, the IC card returns to an idle
position awaiting new instructions.
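
The key-usage check of step B18 and the authentication-code requests of steps S22 and S28 can be modelled as follows. This is an added example, not code from the patent; the class and function names, the key identifiers, the length-prefixed field encoding and the use of truncated HMAC-SHA256 in place of the DES-based code are all assumptions.

```python
import hashlib
import hmac
import struct

class Refused(Exception):
    """The card declines the task, as in step B18."""

class CardModel:
    """Toy model of the IC card's dispatch routine (steps B14 to B24)."""

    def __init__(self, slots):
        # slots: key id -> (key bytes, set of permitted functions).
        # The set plays the role of field 330 beside memory field 320.
        self._slots = slots

    def execute(self, function, key_id, data, tag=b""):
        if function not in ("mac", "verify"):
            raise Refused("function not modelled here: " + function)
        key, permitted = self._slots.get(key_id, (b"", frozenset()))
        if function not in permitted:                    # step B18
            raise Refused(key_id + " may not be used for " + function)
        # Step B20 stand-in: truncated HMAC-SHA256, NOT the DES-based code.
        code = hmac.new(key, data, hashlib.sha256).digest()[:8]
        if function == "mac":
            return code
        return hmac.compare_digest(code, tag)            # constant-time compare

def pack_fields(account, encrypted_pin, amount):
    """Fields 400, 410 and 420 of Fig. 5, each with a 2-byte length prefix
    (an assumption) so that the field boundaries are covered by the code."""
    fields = (account.encode(), encrypted_pin, str(amount).encode())
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)

# Constructed sample keys and values, for illustration only.
CARD = CardModel({
    "pin-key": (b"constructed-pin-key", frozenset({"encrypt"})),
    "auth-key": (b"constructed-auth-key", frozenset({"mac", "verify"})),
})
SAMPLE_PIN_BLOCK = bytes.fromhex("00112233445566ff")  # placeholder ciphertext

def demo():
    body = pack_fields("1234567890", SAMPLE_PIN_BLOCK, 500)
    code = CARD.execute("mac", "auth-key", body)           # as in step S22
    ok = CARD.execute("verify", "auth-key", body, code)    # as in step S28
    altered = pack_fields("1234567890", SAMPLE_PIN_BLOCK, 5000)
    forged = CARD.execute("verify", "auth-key", altered, code)
    try:
        CARD.execute("mac", "pin-key", body)   # key not marked for this use
        refused = False
    except Refused:
        refused = True
    return ok, forged, refused
```

The control computer only ever names a key by identifier; the key bytes stay inside the card model, and a key marked for PIN encryption cannot be borrowed to compute an authentication code.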

Although the invention has been described above by
way of example with reference to an embodiment thereof,
it will be appreciated that various modifications and
changes can be made within the scope of the invention,
which is defined in the appended claims. For example, the
design of both the transaction station as a whole and the
IC card according to the invention can vary depending on
the application in question. Although in the above embodiment,
the invention has been described in connection
with cash withdrawals from an ATM, it will be appreciated
that the invention can also be utilised for carrying out
other types of financial transactions through the central
computer. Moreover, the user interface can comprise other
types of members than the ones described above. For example,
the user interface can comprise a PC with a keyboard,
a mouse, and a monitor or the like. The communication
between the central computer and the transaction
station according to the invention can take place over
different types of communication networks. Although it is
preferred that the IC card according to the invention is
arranged out of reach of the user, preferably in a safety
cabinet, it can also be arranged in such a way that it is
both accessible to the user and unprotected, since the
keys are stored in such a way that they still cannot be
accessed by unauthorised individuals.

CLAIMS

1. An IC card designed to be essentially stationarily
arranged in a card reader in, or adjacent to, a
transaction station in order to cryptographically process
data which is to be transmitted from the transaction station
to a central computer and/or data which is received
by the transaction station from a central computer, said
IC card being utilised in connection with the serving of
several users of said transaction station, which IC card
comprises:

means for storing one or more cryptographic keys;
means for receiving input signals to the card;
means for executing one or more cryptographic
algorithms utilising one or more of said cryptographic
keys depending upon control information received in said
input signals to the card; and

means for outputting output signals, comprising
results of said execution, from the card.

2. An IC card according to claim 1, wherein said
cryptographic keys comprise one or more master keys utilised
in connection with encrypted transmission of other
cryptographic keys, such as session keys and authentication
keys, from the central computer to said IC card, or
alternatively from the IC card to the central computer.

3. An IC card according to claim 1 or 2, wherein
said cryptographic keys comprise one or more session
keys utilised in connection with encryption/decryption of
transaction data transmitted between the transaction station
and the central computer, in addition to which said
cryptographic algorithms comprise one or more algorithms
for encrypting/decrypting said transaction data.

4. An IC card according to claim 1, 2, or 3, wherein
said cryptographic keys comprise one or more authentication
keys utilised in connection with the authentication
of messages between the transaction station and the central
computer, in addition to which said cryptographic
algorithms comprise one or more algorithms for
authenticating said messages.

5. A transaction station, intended to communicate
with a central computer and to serve users in connection
with the carrying out of desired financial transactions
through the central computer, comprising

a user interface for the inputting of data by a
user; and

means for cryptographic processing of data which is
to be transmitted to/or be received from the central
computer;

characterised in that

said means for cryptographic processing comprise a
card reader intended to receive an IC card according to
any one of the preceding claims.






6. A transaction station according to claim 5, 
wherein said card reader is adapted to receive said IC 
card so that the latter is kept inaccessible to a user. 



7. A transaction station according to claim 6,
wherein said card reader is arranged in a safety cabinet.



8. A transaction station according to any one of
claims 5-7, wherein said user interface comprises means
for inputting a user identity; means for inputting a
desired financial transaction and means for inputting an
access code.






9. A transaction station according to claim 8, 
wherein said means for inputting a user identity comprise 
an additional card reader. 

10. A transaction station according to any one of
claims 5-9, further comprising means for providing control
information, including information about the type of
cryptographic processing desired as well as the information
required therefor, to said IC card, as well as means
for receiving said output signals from the IC card.

11. A transaction station according to any one of 
claims 5-10 in the form of an ATM. 


12. A transaction station according to any one of
claims 5-10 in the form of a computer terminal unit, such
as a personal computer, configured to enable a user
thereof to carry out financial transactions through said
central computer.

13. Use of an IC card according to any one of claims
1-4 for cryptographic processing of data which is to be
transmitted from a transaction station to a central
computer and/or data received by the transaction station
from a central computer.

14. Use of an IC card according to claim 13,
specifically for encrypting PIN codes.


15. Use of a transaction station according to any
one of claims 5-12 for communication with a central computer
for the purpose of serving several users in connection
with the carrying out of desired financial transactions
through the central computer.